Compiled by Marketing Coordinator Abbey Wright
Cyber Wrap-Up – June 2025: 7 key cyber security threats and what you can do
June has been a heavy month in the world of cyber security, with serious vulnerabilities, creative phishing tactics, and a staggering data breach affecting billions. We want to keep our clients informed and protected. Here’s a roundup of what happened – and what you need to know to stay safe.
Google account recovery vulnerability leaks phone numbers
A deprecated, JavaScript-disabled version of Google’s username recovery form was found to leak the phone numbers associated with accounts because it lacked rate limiting. This discovery opens the door to SIM swapping attacks, in which criminals hijack your phone number and use it to gain access to your accounts.
Takeaway:
- Don’t rely on your phone number as your primary security method.
- Use authentication apps instead.
- Regularly audit your account recovery options.
Find out more: https://thehackernews.com/2025/06/researcher-found-flaw-to-discover-phone.html
16 billion login credentials leaked – Major data breach alert
A monumental breach has compromised 16 billion sets of credentials, including logins for Apple, Google, and Facebook. Experts warn of phishing and account takeover risks.
Takeaway:
- Change your passwords now, especially if you reuse them.
- Use unique passwords for each service.
- Enable 2FA (or better yet, consider passkeys).
SUSE Linux privilege escalation vulnerability
Security researchers at Qualys discovered a critical vulnerability chain in SUSE Linux Enterprise 15, enabling local users to escalate privileges and gain full root access through PAM, libblockdev, and udisks2.
Takeaway:
- If you use SUSE Linux Enterprise 15, patch immediately.
- Limit local user privileges where possible.
- Monitor logs for unusual escalation attempts.
Roundcube webmail vulnerability affects 53 million hosts
If you run a web server or cPanel hosting, you may be unknowingly running Roundcube, a popular webmail system with a severe vulnerability. Attackers are scanning for outdated instances to compromise servers.
Takeaway:
- Check if Roundcube is installed – even if you didn’t set it up.
- Apply the latest patches ASAP.
- Harden your server security and disable unused software.
Find out more: https://fearsoff.org/research/roundcube
Summer travel scams: Fake hotels, travel sites & phishing
Scammers are preying on holidaymakers by impersonating popular travel brands via email and fake websites. Google warns users to be cautious, especially with wire transfers or bank deposits.
Takeaway:
- Use Google’s ‘About This Result’ tool to verify travel links.
- Book through official websites and avoid email-only deals.
- Never send payment via bank transfer to unverified contacts.
New phishing campaign bypasses MFA with Google App Passwords
A clever phishing technique is tricking users into sharing Google App Passwords – 16-digit codes designed to allow access for less secure apps. Attackers build trust over time and convince victims to hand them over, effectively bypassing MFA.
Takeaway:
- Be wary of anyone asking you to generate or share App Passwords.
- Disable App Passwords if not needed.
- Encourage your team to spot low-pressure phishing – it’s not always urgent or alarming.
Supply chain attacks highlighted at Energy Networx
We were proud to deliver the Cyber Security Update at Britain’s Energy Coast Business Cluster’s Energy Networx event. Our focus: how supply chains can be weaponised by cybercriminals.
Takeaway:
- Join our Cyber Security Awareness Training in July to strengthen internal defenses.
Book your place here: https://www.indelibledata.co.uk/cyber-awareness-training/
Final Thoughts
June 2025 has shown just how fast cyber threats evolve – from overlooked tools leaking sensitive data to novel phishing that sidesteps traditional security layers. Whether you’re managing a server, planning a holiday, or securing your business, awareness and action are your best defenses.
Stay alert. Stay secure.